

CONFIDENTIAL 

MPA BRIEFING NOTE ON THE DVD HACK (DeCSSl 
FOR THE R1GHTSHOLDERS COALITION 

THE DVD AND CSS: 

The introduction of the DVD was delayed for several years because the audio-visual 

industry recognised the danger of introducing a new digital format that could be a 

template for the creation and distribution of unlimited, perfect copies. As a result, the 
MPA member companies did not agree to make their content available for distribution on 
DVDs until technical protection was developed to protect it. This position led to the 
development of the CSS (Content Scrambling System) encryption technology by 
Matsushita Electric Industrial Company Limited (MEI). In essence, the CSS is a 

scrambling system designed to make the copying of a DVD impossible. All 

manufacturers of DVD hardware use this system under a license granted by the DVD 
Copy Control Association (CCA). 

THE CSS PROTECTION SYSTEM: 

CSS is an encryption-based security and authentication system that requires the use of 
appropriately-configured hardware (e.g., a DVD player or computer DVD drive) to 
decrypt, unscramble and play back copies of motion pictures on DVDs. The content of 
the DVD is stored in a scrambled form designed to prevent copying. In order to view the 
film the picture must be unscrambled. To do so, the CSS needs a “key" which in effect 
unlocks the code. In PCs, the actual unscrambling is performed by a number of 
commercially available computer programs such as WinDVD, ATI DVD or XING DVD. 
The key is actually stored on the DVD itself but it is hidden in a secret sector. The DVD 
will only allow this key to be read if it is accessed by an algorithm, which was designed 
by MEI, and is the industry standard. In hardware devices such as a DVD player it is 
contained within a larger program stored on a microprocessor. On computers, it is 
contained within a larger program stored on the computer's hard disc. The algorithm 
actually provides the key. The larger program, which surrounds the algorithm, provides 
security devices designed to prevent access to the algorithm. These devices include 

encrypting the algorithm itself and a utility that causes the computer to crash if the 
algorithm is accessed. 

THE HACK - DeCSS: 

On or about October 25, 1999, an individual or group of individuals in Europe managed 
to hack the DVD encryption system and began to offer, via the Internet, a software utility 
called DeCSS that enables users to effectively "break" the CSS copy protection system 
and thereby make and distribute digital copies of DVD movies. DeCSS functions by 
emulating the genuine CSS algorithm, which is a computer program that produces a 
"result (i.e., it allows the “key” to be read). In other words, it allows a non-CSS- 
compliant DVD player to play, store, copy, or transmit digital copies of DVD content. 
DeCSS breaks the CSS encryption. DeCSS differs from "DVD Rippers” which only 
allow analogue copies of DVDs to be made but do not break the encryption. DeCSS can 
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e used, therefore, to create legitimate-quality DVDs. While it is possible that the -‘hack” 
occurred as a result of a completely new program, it is more likelv that the hackers 
accessed the genuine algorithm and have copied those parts which produce the "result” It 
was reported in the press that DVD software produced by Xing Technologies. a Japanese 
company which has recently been acquired by Real Networks, had been marketed 

inri,T/ r °l CtI °u' in , thC S£nSe that 3 program used t0 P rotect the algorithm had not been 
included within the device. Thus, it is believed that the hackers were able to copv the 

algorithm contributing to the development of DeCSS. 

DVD CCA ACTION- 

com^alnt seeking a temporary restraining order (TRO is a form of interim 

created & ^ “ 3 Callfornia court in December, asserts that the person who 

created DeCSS must have accepted and then violated the terms of the "click wrap” 

D^ S rnnv rT 3 T erS Of DVD hardware use CSS under a license granted by 
to L y i ^ 0ntr0 * As ^ 0ciatlon < CCA )- This license includes a provision that requires 
njoin public disclosure of the trade secrets embodied in CSS. Xing in turn 

requires Xing software users to agree to the terms of a ‘*click wrap” license that prohibits 

Cff0r,S 10 SeC “ re 3 7,10 72 -•* and unlo™ 

° Pr ° hlb thC ftirther use or disclosure of DeCSS were unsuccessful. The 
judge did not give reasons for his refusal to grant a TRO. The same judge considered 

V . . a fP hcatlon f or a preliminary injunction on 18 January. He will likelv give his 

til I ' / ’ O P . * | . ' was reverse engineered in violation of 

me CSS and Xing licenses and that as the trade secrets embodied in CSS were obtained 

improperly, the defendants should be enjoined from using or disclosing them The 

defendants argued that CSS was too weak to protect the trade secrets and § that reverse 

was , m “y case lawfid ^ Norway (where it is believed CSS was first 

enoarin' ^ *1° 3rgUed that the CCA was seekin g to prevent the defendants from 
® g * g !T academic research and fro m exercising their constitutional right to free 
speech, and that, once posted on the Internet, a trade secret loses its protection . 

Many people in the Internet community have rejected the proposition that it was 

who cr^H n r C ,V h£ f 8 "“ nSe in 0rder “ create DeCSS - -S4 *« no one Lows 
du “ h0 y CCA musI P rove that lher « w«s a violation of a coniractual 

duty to protect the CSS trade secrets in order to prohibit either reverse engineering CSS 

or engineering around ’ the CSS encryption under California trade secret law. They have 

3 S ?; 3 ! S h ed reverse - en gmeering (to achieve Linux compatibility) arguments. As noted 
above, the judge has not yet addressed the merits of the case. 

MPA ACTIONS; 

vveLh/ A flrs ! u became r aware of DeCSS on 25 October 1999. It was traced back to a 
ebsite owned by Jon Johansen m Norway. However, since its first appearance. DeCSS 

as been posted on, or linked-to, thousands of websites around the world, and is probably 
m the possession of thousands of individuals. The MPA has sent out cease-and-desist 
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hackers ‘take 'or! de bUt ! /3 ° f 1 *«* have com P ,ied - Given the fact that 

invnlvpH th Lof m collecting and dlst nbuting films regardless of the cost or effort 

Tar fitture t0 ^ DV ° dataflleS circulating wilhi " hacker groups in the 

Conn^ A Mem , ber Com P anies flled federal acd °ns on 14 January in New York and 
Connecticut seeking interim relief under the anti-circumvention provisions of the Digital 

■ • 1Un l °P yright (DMCA), against a number of distributors of DeCSS. The 
c aims are for injunctive relief and for money damages and related relief against some of 
those responsible for proliferating DeCSS so that individuals can make, distribute, and/o r 
erwise electronically transmit or perform unauthorized copies of the MPA Member 
Companies copyrighted motion pictures and other audio-visual works On Thursday 
January 20, New York Federa! Judge Lew,s A. Kaplan granted the requ", for "a 

femoTDTr'nrft'' 0 ”* 831 ",!,' New York - tased defendants. They must immediately 
digital piracy SS * SK “' Thc result is a ma J OT victory in the battle against 

With respect to "anti-circumvention devices", the DMCA provides that 

No person shall ... offer to the public, provide, or otherwise traffic in any 

echnology product, service, device, [or] component... that is primarily designed 

or produced for the purpose of circumventing protection afforded by a 

echnological measure that effectively controls access to a copyrighted work or 
protects a right of a copyright owner. . . 

dat.ivaX a8 Vtr mVentin8 proBC,i0 "" "*•“ avoiding, bypassing, removing, 
deactivating, or otherwise impairing a technological measure. A "technological 

“^c^ re t ri f’ r oth r ise ,imits the exercise of a right ° fa -pyrigh! 

ner. the CSS is a technological measure because it limits people with DVDs from 

mLslZ U m a 0 v n h Sed C ° PieS -, Any perS ° n injured by a vio,ation of the anti-circumvention 
rules above may bring a civil action in an appropriate US District court. The injury will 

resu from the eventual theft of intellectual property contained in the DVDs The court 
may also award damages, costs, and fees. 

THE P UBLIC PERCEPTION OF THF nvn Hariz 

The DVD hack has raised several first amendment (freedom of speech) and reverse- 
engineering issues. The implication is that the film industry is somehow seeking to stifle 
free speech. The purpose of the CSS is to protect copyright works. This is an fmpoZt 
public policy recognised by the US Constitution, other national laws and international 
aw Moreover, the DMCA, which provides legal protection for technical measures in 

dJUlU °f T m f° nal obli § at ‘ ons under the WIPO Copyright Treaties, foresees the 
elopment of such measures. The circumvention of these measures protected by such 
legislation is a crime. The issue of free speech is not relevant. With respect to the DMCA 
ere is no conflict with free speech because the DMCA does not prevent fair use. Fair 
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use does not extend to the copying of entire works. There is scope for research and 
reverse engineering under the DMCA subject to certain limitations These exTeptmns 
were not however intended to permit the dissemination of circumvention devices which 

It t0 i nfringe the DMCA a nti-circumvention provisions as well as other laws 

is clear from the press and on-line chat forums that the real goals of those now involved 
n disseminating the DeCSS is not to exercise their freedom of expression but the desire 
o damage the film industry. The resultant damage threatens the future production of 
audio-visual works, thereby causing injury to film producers, directors actors 

dk r‘h U t ’ m 1 "" 5 3nd th£ many ° ther people involved »n the production and 
distribution of films, not only in the US, but world-wide. 

IH E PROPOSED Eli COPYRIGHT DrRFfTTVF* 

Fn iSSU \ and d r 10 the iMeraational of the Interne,, the legislative 
situation in the EU is obviously important, particularly due to the fact that the "hack" 

appears; to have occurred in Europe. These events highlight the importance of the 

f • the WIP0 C °pyright Treaties. In the EU the Proposed 
Copyright Directive, which is meant to implement these treaties, also contains legal 
protection for technical measures. ® 

In order to address the DVD hack (and other forms of illicit circumvention), rightsholders 
need a strong Copyright Directive backed up by effective enforcement. The* Copyright 

Work n?’ r WhlCh , 1S u CU1 ^ ndy bemg debated b y the Member States (in the Council 
t 8 t°T ’ should be adopted quickly but not at the expense of effective 
protection. To the extent that rightsholders are unable to enforce the legal protection for 

technical measures in the Copyright Directive because it sanctions non-infringing uses 
we will be severely limited in our ability to address problems like DeCSS. In the digital 
environment, rightsholders will use technical measures to ensure the delivery of an ever- 

rde™mXmm yri8h, r terialS ' The traditional noIion5 of P rivaK copying are no, 

. " ' ™ 1S 3 robust medium. Therefore, the argument that individuals need to 

make back-up (private) copies of DVDs does not hold water. The only reason for making 

such copies would be for further distribution, which risks severely damaging the audio- 

Zm Se T of -- p tions that are not subordinated technicll measures 

r ■ ^ n- SUCb measures use less. The result would be to negate the purpose of the 

SurZn T tlV l and the WIP0 Copyright Treaties and to destroy rightsholders’ 

ability to distribute their works in the digital environment. 

It should also be noted that a blanket exception for temporary copies (Article 5.1) which 

wmfitZ any m< f ltlV f for service Providers to co-operate in the fight against piracy 
ill ftirther exacerbate the challenges posed by the spread of illicit circumvention devices 

which enable the unauthorised distribution of DVDs on the Internet. The limitations on 

ability in the E-Commerce Directive (which has recently been the subject of a political 

agreement by the Member States) provide a workable means for protecting the interests 
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